WP_REST_Posts_Controller::check_password_required()publicWP 5.7.1

Overrides the result of the post password check for REST requested posts.

Allow users to read the content of password protected posts if they have previously passed a permission check or if they have the edit_post for the post being checked.

Method of the class: WP_REST_Posts_Controller{}

No Hooks.


true|false. Result of password check taking in to account REST API considerations.


$WP_REST_Posts_Controller = new WP_REST_Posts_Controller();
$WP_REST_Posts_Controller->check_password_required( $required, $post );
$required(true|false) (required)
Whether the post requires a password check.
$post(WP_Post) (required)
The post been password checked.


Since 5.7.1 Introduced.

WP_REST_Posts_Controller::check_password_required() code WP 6.5.3

public function check_password_required( $required, $post ) {
	if ( ! $required ) {
		return $required;

	$post = get_post( $post );

	if ( ! $post ) {
		return $required;

	if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) {
		// Password previously checked and approved.
		return false;

	return ! current_user_can( 'edit_post', $post->ID );